Detections
Analytics

CVE-2009-0260

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).

References

https://www.debian.org/security/2009/dsa-1715

https://usn.ubuntu.com/716-1/

https://exchange.xforce.ibmcloud.com/vulnerabilities/48126

http://www.vupen.com/english/advisories/2009/0195

http://www.securityfocus.com/archive/1/500197/100/0/threaded

http://secunia.com/advisories/33755

http://secunia.com/advisories/33716

http://secunia.com/advisories/33593

http://osvdb.org/51485

http://moinmo.in/SecurityFixes#moin1.8.1

http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1

Details

Source: Mitre, NVD

Published: 2009-01-23

Updated: 2018-10-11

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: Medium